75475 matches found
EUVD-2025-209947
Easyelife App lock aka Fingerprint,Applock or locker.app.safe.applocker 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows -...
EUVD-2025-209946
SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...
CVE-2025-68708
SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through...
Malicious Package
Overview codexui-android is a malicious package. offering a remote web UI for OpenAI Codex, secretly stealing Codex OAuth credentials. Malicious code exists only in published npm builds—not in the public GitHub repo—and runs at import time, reading /.codex/auth.json, XOR-encrypting it, and POSTin...
CVE-2025-68709
SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...
CVE-2025-68710
Easyelife App lock aka Fingerprint,Applock or locker.app.safe.applocker 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows -...
PT-2026-43381
SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...
CVE-2025-68710
CVE-2025-68710 concerns Easyelife App lock 1.9.2 for Android. The vulnerability arises because the lock is implemented as an overlay instead of using Android’s secure authentication APIs, allowing a local attacker with physical access to bypass the PIN. By navigating cascading interface flows and...
CVE-2025-68709
SailingLab AppLock (com.alpha.applock) Android app, version 4.3.8, is affected. The vulnerability arises in BrowserMainActivity, which accepts VIEW intents with javascript: URIs, allowing local attackers to trigger arbitrary JavaScript execution. This unsafe navigation path can lead to UI spoofin...
CVE-2025-68708
SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through...
CVE-2025-68710
Easyelife App lock aka Fingerprint,Applock or locker.app.safe.applocker 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows -...
CVE-2025-68709
SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...
PT-2026-43382
Name of the Vulnerable Software and Affected Versions Easyelife App lock version 1.9.2 Description An issue in the application allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay instead of utilizing Android's secure authentication APIs. By...
CVE-2025-68709
SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...
CVE-2025-68708
SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through...
CVE-2025-68710
Easyelife App lock aka Fingerprint,Applock or locker.app.safe.applocker 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows -...
CVE-2025-68711
AppLockZ App Lock and Fingerprint Lock applock.passwordfingerprint.applockz 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface...
Easyelife App Lock 安全漏洞
Easyelife App Lock is a mobile application security management tool developed by Easyelife Corporation. Version 1.9.2 of Easyelife App Lock contains a security vulnerability. This vulnerability stems from the PIN lock being implemented as a overlay rather than using Android security authenticatio...
CVE-2025-68708
SailingLab AppLock (com.alpha.applock) v4.3.8 for Android is affected by an overlay-based lock that bypasses PIN verification when an attacker with physical access navigates insecure, exposed routes via ads or browser intents. The root cause is the lock implementation not using Android’s secure a...
PT-2026-43393
Name of the Vulnerable Software and Affected Versions SailingLab AppLock version 4.3.8 Description An issue in the application allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay instead of utilizing Android's secure authentication APIs. By...